Mike Cohen (@scudette)'s Twitter Profile
Mike Cohen

@scudette

Digital Paleontologist, digging deeper

ID: 76611371

Joined: 23-09-2009 10:34:07

474 Tweets

779 Followers

170 Following

Velociraptor (@velocidex):

If you like us here, you'll LOVE us on Discord. Come join the smartest and most lively #DFIR community on the planet. discord.com/invite/YAU3vRE
Wes Lambert (@therealwlambert):

While there are many great articles that discuss logs to be sent to a SIEM, many don't mention filtering on the endpoint during investigations. This is an area in which Velociraptor excels. 🦖🚀 #FastForensicsBeforeFullSendIt #LogManagementMusts #SaveTheSIEM #SplunkCostBoss

Blake (@bmcder02):

If you missed VeloCon23, all talks are available on YouTube and the website. docs.velociraptor.app/presentations/… #dfir #cybersecurity #rapid7

Matthew Green 🌻 (@mgreen27):

Pushed out a Velociraptor artifact to scope some of the items in the SysAid post exploitation activity. docs.velociraptor.app/exchange/artif… Velociraptor

Matthew Green 🌻 (@mgreen27):

Sharing out my workshop from DEATHcon. mgreen27.notion.site/mgreen27/Veloc… Fun to showcase some of the similar workflows I do day to day. @Velocidex #dfir DEATHcon was put on by [email protected] Olaf Hartong 🦊🇦🇲 [email protected] it's a really unique event - thank you!

Velociraptor (@velocidex):

Want a sneak peek at the upcoming Velociraptor v0.7.1? With awesome new capabilities like built in Sigma integration and enhanced notebook functionality, you will want to download the release candidate today and test it out. Be sure to log any bugs or issues through GitHub.

Velociraptor (@velocidex):

We're incredibly thankful to our wonderful community of contributors, testers and enthusiasts! Without you, Velociraptor wouldn't be what it is. To all of you, your family and friends, HAPPY THANKSGIVING!
Matthew Green 🌻 (@mgreen27):

Thought I would make some posts for #100daysofyara. Not sure how often I'll post but good chance to test some triage workflow and build some practical Velociraptor rules for automation :) In the example below I grabbed a NanoCore sample from MalwareBazaar -
Matthew Green 🌻 (@mgreen27):

Another #100daysofyara post - #R7Labs Source a couple of samples: bazaar.abuse.ch/browse/tag/Soc… Running Velociraptor Windows.Detection.Yara.Process should detect the running final payloads. I have focused on simple network connection & config filename strings.
Matthew Green 🌻 (@mgreen27):

#100daysofyara targeting QuasarRAT via namespace strings observed in process memory and decompiled code. #R7Labs Velociraptor Windows.Detection.Yara.Process only returns one hit per process here as I added some groupings to minimise any FPs github.com/rapid7/Rapid7-…
Mike Cohen (@scudette):

Only a few days left to secure your early bird for our Velociraptor training in Singapore. This is a rare opportunity to learn about Velociraptor and how to deploy it effectively, develop VQL artifacts and actively hunt for adversaries. blackhat.com/asia-24/traini…

Mike Cohen (@scudette):

I was so excited about the new 0.72 release of Velociraptor I just could not wait to make a quick video to show you all the new features! #velociraptor #dfir #digitalforensics Check it out here youtube.com/watch?v=FwmFYm…

Stephan Berger (@malmoeb):

The incident started with a compromised server. When we extended the hunting to the entire network, we found traces of the "WayBack" campaign on a computer, which Yoroi documented almost exactly three years ago [1]. We also found the exact same code as in the blog on
Mike Cohen (@scudette):

We just re-published a cool blog post, on the Velociraptor Blog, by Chris Hayes from Reliance Forensics. The post illustrates the process of setting up Velociraptor using external certificates. docs.velociraptor.app/blog/2024/2024… Original post reliancecyber.com/secure-velocir…

Velociraptor (@velocidex):

Velociraptor release 0.73 is now available for testing! Read about all the cool new features here docs.velociraptor.app/blog/2024/2024…. An exciting new feature is built in timelining capability. Check the blog post here docs.velociraptor.app/blog/2024/2024…

Will Hunt @Stealthsploit@infosec.exchange (@stealthsploit):

Looking forward to speaking on a panel at the Rapid7 Take Command Summit. Register for free below as we talk about the differences between pen testing, red teaming and the benefits of running regular security exercises. rapid7.brighttalk.com/?utm_source=re…

Velociraptor (@velocidex):

At AUSCERT conference we presented "Sigma and Detection Engineering with Velociraptor". Learn how to implement real time Sigma detection with forensic enhancements. Full presentation youtube.com/watch?v=3EBrpF… and slides docs.velociraptor.app/presentations/…